mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 13:13:44 +01:00
Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e
, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().
As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure. This
BIO_BUF_MEM doesn't get freed in our code.
So, we had a memory leak!
Is this an openssl bug? Maybe. But our code was already pretty
silly. Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?
Fixes bug 20553; bugfix on 0.0.2pre8
This commit is contained in:
parent
b0f1241a1d
commit
9b18b215bb
3
changes/bug20553
Normal file
3
changes/bug20553
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
o Minor bugfixes (memory leak):
|
||||||
|
- Work around a memory leak in OpenSSL 1.1 when encoding public keys.
|
||||||
|
Fixes bug 20553; bugfix on 0.0.2pre8.
|
@ -755,14 +755,13 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
|
|||||||
}
|
}
|
||||||
|
|
||||||
BIO_get_mem_ptr(b, &buf);
|
BIO_get_mem_ptr(b, &buf);
|
||||||
(void)BIO_set_close(b, BIO_NOCLOSE); /* so BIO_free doesn't free buf */
|
|
||||||
BIO_free(b);
|
|
||||||
|
|
||||||
*dest = tor_malloc(buf->length+1);
|
*dest = tor_malloc(buf->length+1);
|
||||||
memcpy(*dest, buf->data, buf->length);
|
memcpy(*dest, buf->data, buf->length);
|
||||||
(*dest)[buf->length] = 0; /* nul terminate it */
|
(*dest)[buf->length] = 0; /* nul terminate it */
|
||||||
*len = buf->length;
|
*len = buf->length;
|
||||||
BUF_MEM_free(buf);
|
|
||||||
|
BIO_free(b);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -429,12 +429,11 @@ key_to_string(EVP_PKEY *key)
|
|||||||
}
|
}
|
||||||
|
|
||||||
BIO_get_mem_ptr(b, &buf);
|
BIO_get_mem_ptr(b, &buf);
|
||||||
(void) BIO_set_close(b, BIO_NOCLOSE);
|
|
||||||
BIO_free(b);
|
|
||||||
result = tor_malloc(buf->length + 1);
|
result = tor_malloc(buf->length + 1);
|
||||||
memcpy(result, buf->data, buf->length);
|
memcpy(result, buf->data, buf->length);
|
||||||
result[buf->length] = 0;
|
result[buf->length] = 0;
|
||||||
BUF_MEM_free(buf);
|
|
||||||
|
BIO_free(b);
|
||||||
|
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
return result;
|
return result;
|
||||||
|
Loading…
Reference in New Issue
Block a user